CVE-2025-54875 | FreshRSS up to 1.26.x User Management new_user_is_admin access control (GHSA-h625-ghr3-jppq)

A vulnerability was found in FreshRSS up to 1.26.x. It has been rated as critical. Affected is an unknown function of the component User Management Handler. This manipulation of the argument new_user_is_admin causes improper access controls.

This vulnerability is tracked as CVE-2025-54875. The attack is possible to be carried out remotely. No exploit exists.

Upgrading the affected component is advised.VulDB Recent EntriesRead More